Created
October 13, 2023 09:44
-
-
Save saintdle/f96623c3a161164a8e574315a53d03c3 to your computer and use it in GitHub Desktop.
exam-app.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: cilium.io/v2 | |
| kind: CiliumNetworkPolicy | |
| metadata: | |
| name: deny-all | |
| namespace: exam-app | |
| spec: | |
| egress: | |
| - toEndpoints: | |
| - matchLabels: | |
| io.kubernetes.pod.namespace: kube-system | |
| k8s-app: kube-dns | |
| toPorts: | |
| - ports: | |
| - port: "53" | |
| protocol: UDP | |
| endpointSelector: | |
| matchLabels: | |
| io.kubernetes.pod.namespace: exam-app | |
| ingress: | |
| - {} | |
| --- | |
| apiVersion: cilium.io/v2 | |
| kind: CiliumNetworkPolicy | |
| metadata: | |
| name: traffic-generator | |
| namespace: exam-app | |
| spec: | |
| egress: | |
| - toEndpoints: | |
| - matchLabels: | |
| app: web-fe | |
| toPorts: | |
| - ports: | |
| - port: "8080" | |
| protocol: TCP | |
| - toEntities: | |
| - world | |
| toPorts: | |
| - ports: | |
| - port: "80" | |
| protocol: TCP | |
| - toEntities: | |
| - world | |
| toPorts: | |
| - ports: | |
| - port: "443" | |
| protocol: TCP | |
| endpointSelector: | |
| matchLabels: | |
| app: traffic-generator | |
| --- | |
| apiVersion: cilium.io/v2 | |
| kind: CiliumNetworkPolicy | |
| metadata: | |
| name: web-be | |
| namespace: exam-app | |
| spec: | |
| endpointSelector: | |
| matchLabels: | |
| app: web-be | |
| ingress: | |
| - fromEndpoints: | |
| - matchLabels: | |
| app: web-fe | |
| io.kubernetes.pod.namespace: exam-app | |
| toPorts: | |
| - ports: | |
| - port: "80" | |
| protocol: TCP | |
| rules: | |
| http: | |
| - method: GET | |
| path: /api | |
| - method: GET | |
| path: /api/ | |
| - method: GET | |
| path: / | |
| - method: GET | |
| path: /FindMe/ | |
| --- | |
| apiVersion: cilium.io/v2 | |
| kind: CiliumNetworkPolicy | |
| metadata: | |
| name: web-fe | |
| namespace: exam-app | |
| spec: | |
| egress: | |
| - toEndpoints: | |
| - matchLabels: | |
| app: web-be | |
| toPorts: | |
| - ports: | |
| - port: "80" | |
| protocol: TCP | |
| endpointSelector: | |
| matchLabels: | |
| app: web-fe | |
| ingress: | |
| - fromEntities: | |
| - ingress | |
| toPorts: | |
| - ports: | |
| - port: "8080" | |
| protocol: TCP | |
| - fromEndpoints: | |
| - matchLabels: | |
| app: traffic-generator | |
| io.kubernetes.pod.namespace: exam-app | |
| toPorts: | |
| - ports: | |
| - port: "8080" | |
| protocol: TCP | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: web-be | |
| namespace: exam-app | |
| labels: | |
| app: web-be | |
| spec: | |
| selector: | |
| app: web-be | |
| ports: | |
| - name: web-be | |
| port: 80 | |
| targetPort: 80 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: web-fe | |
| namespace: exam-app | |
| labels: | |
| app: web-fe | |
| spec: | |
| selector: | |
| app: web-fe | |
| ports: | |
| - name: web-fe | |
| port: 80 | |
| targetPort: 8080 | |
| --- | |
| apiVersion: v1 | |
| data: | |
| default.conf: | | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name localhost; | |
| location / { | |
| root /usr/share/nginx/html; | |
| index index.html index.htm; | |
| } | |
| error_page 500 502 503 504 /50x.html; | |
| location = /50x.html { | |
| root /usr/share/nginx/html; | |
| } | |
| } | |
| kind: ConfigMap | |
| metadata: | |
| name: nginx-conf | |
| namespace: exam-app | |
| --- | |
| apiVersion: v1 | |
| data: | |
| haproxy.cfg: | | |
| frontend web-fe | |
| bind *:8080 | |
| mode http | |
| default_backend web-be | |
| backend web-be | |
| mode http | |
| balance roundrobin | |
| server web-be web-be:80 check | |
| kind: ConfigMap | |
| metadata: | |
| name: web-fe | |
| namespace: exam-app | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| app: web-be | |
| name: web-be | |
| namespace: exam-app | |
| spec: | |
| progressDeadlineSeconds: 600 | |
| replicas: 2 | |
| revisionHistoryLimit: 10 | |
| selector: | |
| matchLabels: | |
| app: web-be | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 25% | |
| maxUnavailable: 25% | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| labels: | |
| app: web-be | |
| spec: | |
| containers: | |
| - image: nginx | |
| imagePullPolicy: Always | |
| name: web-be | |
| ports: | |
| - containerPort: 80 | |
| name: http | |
| protocol: TCP | |
| resources: {} | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumeMounts: | |
| - mountPath: /usr/share/nginx/html/ | |
| name: web-be | |
| - mountPath: /usr/share/nginx/html/api/ | |
| name: web-be-api | |
| - mountPath: /etc/nginx/conf.d | |
| name: nginx-conf | |
| readOnly: true | |
| dnsPolicy: ClusterFirst | |
| initContainers: | |
| - command: | |
| - sh | |
| - -c | |
| - | | |
| cat <<EOF >/usr/share/nginx/html/index.html | |
| Service-Name = web-be | |
| Service-Version = v0 | |
| Service-ID = ${POD_NAME} | |
| Pod IP address = ${POD_IP} | |
| Node = ${HOST_NAME} | |
| EOF | |
| cat <<EOF >/usr/share/nginx/html/api/index.html | |
| Service-Name = web-be | |
| Service-Version = v0 | |
| Service-ID = ${POD_NAME} | |
| Pod IP address = ${POD_IP} | |
| Node = ${HOST_NAME} | |
| EOF | |
| env: | |
| - name: POD_IP | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: status.podIP | |
| - name: HOST_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: spec.nodeName | |
| - name: POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| apiVersion: v1 | |
| fieldPath: metadata.name | |
| image: everpeace/curl-jq | |
| imagePullPolicy: Always | |
| name: web-be-init | |
| resources: {} | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumeMounts: | |
| - mountPath: /usr/share/nginx/html/ | |
| name: web-be | |
| - mountPath: /usr/share/nginx/html/api/ | |
| name: web-be-api | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| securityContext: {} | |
| terminationGracePeriodSeconds: 30 | |
| volumes: | |
| - emptyDir: {} | |
| name: web-be | |
| - emptyDir: {} | |
| name: web-be-api | |
| - configMap: | |
| defaultMode: 420 | |
| items: | |
| - key: default.conf | |
| path: default.conf | |
| name: nginx-conf | |
| name: nginx-conf | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| app: web-fe | |
| name: web-fe | |
| namespace: exam-app | |
| spec: | |
| progressDeadlineSeconds: 600 | |
| replicas: 1 | |
| revisionHistoryLimit: 10 | |
| selector: | |
| matchLabels: | |
| app: web-fe | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 25% | |
| maxUnavailable: 25% | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| creationTimestamp: null | |
| labels: | |
| app: web-fe | |
| spec: | |
| containers: | |
| - image: haproxy | |
| imagePullPolicy: Always | |
| name: web-fe | |
| ports: | |
| - containerPort: 8080 | |
| name: http | |
| protocol: TCP | |
| - containerPort: 443 | |
| name: https | |
| protocol: TCP | |
| resources: {} | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumeMounts: | |
| - mountPath: /usr/local/etc/haproxy | |
| name: web-fe | |
| readOnly: true | |
| dnsPolicy: ClusterFirst | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| securityContext: {} | |
| terminationGracePeriodSeconds: 30 | |
| volumes: | |
| - configMap: | |
| defaultMode: 420 | |
| items: | |
| - key: haproxy.cfg | |
| path: haproxy.cfg | |
| name: web-fe | |
| name: web-fe | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| app: traffic-generator | |
| name: traffic-generator-combined | |
| namespace: exam-app | |
| spec: | |
| progressDeadlineSeconds: 600 | |
| replicas: 10 | |
| revisionHistoryLimit: 10 | |
| selector: | |
| matchLabels: | |
| app: traffic-generator | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 25% | |
| maxUnavailable: 25% | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| labels: | |
| app: traffic-generator | |
| spec: | |
| containers: | |
| - command: | |
| - sh | |
| - -c | |
| - while true; do | |
| curl -s web-fe/api; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe/FindMe/; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe/NotAllowed/; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe/api; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe/FindMe/; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe/NotAllowed/; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s ebpf.io; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s isovalent.com; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe/api; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe/FindMe/; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s web-fe/NotAllowed/; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s ebpf.io; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| curl -s isovalent.com; sleep $(curl -s https://www.random.org/integers/\?num\=1\&min\=1\&max\=5\&col\=1\&base\=10\&format\=plain\&rnd\=new); | |
| sleep 1; | |
| done | |
| image: everpeace/curl-jq | |
| imagePullPolicy: Always | |
| name: traffic-generator | |
| resources: {} | |
| terminationMessagePath: /dev/termination-log | |
| dnsPolicy: ClusterFirst | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| securityContext: {} | |
| terminationGracePeriodSeconds: 30 | |
| --- | |
| apiVersion: cilium.io/v2 | |
| kind: CiliumNetworkPolicy | |
| metadata: | |
| name: deny-all | |
| namespace: exam-app | |
| spec: | |
| egress: | |
| - toEndpoints: | |
| - matchLabels: | |
| io.kubernetes.pod.namespace: kube-system | |
| k8s-app: kube-dns | |
| toPorts: | |
| - ports: | |
| - port: "53" | |
| protocol: UDP | |
| endpointSelector: | |
| matchLabels: | |
| io.kubernetes.pod.namespace: exam-app | |
| ingress: | |
| - {} | |
| --- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment